package com.yangxk.kadmin.auth.intercepter;

import com.yangxk.kadmin.auth.service.CoreService;
import com.yangxk.kadmin.common.exception.NoPermissionException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.servlet.HandlerInterceptor;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

/**
 * 权限拦截器(spring mvc)
 * 该拦截器的order为-1，如果配置了其他的拦截器并且配置了order>-1,则该拦截器优先执行
 * @author yangxk
 * @date 2018/9/9 14:17
 */
public class AuthIntercepter implements HandlerInterceptor {

    @Autowired
    private CoreService coreService;

    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        String path = request.getServletPath();
        if (coreService.isPass(path, request)) {
            return true;
        }

        throw new NoPermissionException(coreService.userId(request) + "无权限访问url:" + path);
    }
}
